ytstealer | f2e0fa01291e35a38903a47acf970d79e55ea709131a903be2d87b679530702b

Analysis

max time kernel
54s
max time network
172s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
29-08-2022 22:22

Target

f2e0fa01291e35a38903a47acf970d79e55ea709131a903be2d87b679530702b.exe
Size

4.0MB
MD5

947ac0d59f24c19f55a89c4fcf08aca2
SHA1

0ae20cf5c7c0336b52f5c5416a9f283e9395fdf9
SHA256

f2e0fa01291e35a38903a47acf970d79e55ea709131a903be2d87b679530702b
SHA512

79d9e7f96e5e461bb0384c4de8c33e9758f973ee3a038ec7f0f42df280bc085ce9d83418fae7def66c22a8fb8a24689adbf400062715a30c2ef09d064bd4382c
SSDEEP

98304:ptEKyVAFmvKxD05DKgscpszdc/7JjkUjvHvN4mMXMmH9:pOKyW8WMDXscpSdc19jvH/V+

Score

10^/10

YTStealer
YTStealer is a malware designed to steal YouTube authentication cookies.
stealer ytstealer

YTStealer payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3992-117-0x00000000003D0000-0x00000000011E4000-memory.dmp	family_ytstealer
behavioral2/memory/3992-118-0x00000000003D0000-0x00000000011E4000-memory.dmp	family_ytstealer

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/3992-116-0x00000000003D0000-0x00000000011E4000-memory.dmp	upx
behavioral2/memory/3992-117-0x00000000003D0000-0x00000000011E4000-memory.dmp	upx
behavioral2/memory/3992-118-0x00000000003D0000-0x00000000011E4000-memory.dmp	upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\f2e0fa01291e35a38903a47acf970d79e55ea709131a903be2d87b679530702b.exe
"C:\Users\Admin\AppData\Local\Temp\f2e0fa01291e35a38903a47acf970d79e55ea709131a903be2d87b679530702b.exe"
1⤵
PID:3992

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/3992-116-0x00000000003D0000-0x00000000011E4000-memory.dmp

Filesize
14.1MB

Download
memory/3992-117-0x00000000003D0000-0x00000000011E4000-memory.dmp

Filesize
14.1MB

Download
memory/3992-118-0x00000000003D0000-0x00000000011E4000-memory.dmp

Filesize
14.1MB

Download